[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slicing and Dicing in new-esp

To: Ran Canetti <canetti@xxxxxxxxxxxxxx>
Subject: Re: Slicing and Dicing in new-esp
From: Naganand Doraswamy <naganand@xxxxxxx>
Date: Tue, 15 Apr 1997 15:54:48 -0400
Cc: ipsec@xxxxxxx, sommerfeld@xxxxxxxxxxxxx
Sender: owner-ipsec@xxxxxxxxxx

Ran
>
>I concur. This is the "cryptographically right" way to do it.
>A transform gets as much keying material as it needs from the 
>key exchange module, and is responsible to slice it and use 
>it in the correct way. In the case of ESP this means to 
>partition the keying material to two DISJOINT parts,
>hand one part to the authentication algorithm  and the other part to 
>the encryption algorithm.
>
>
This is what we agreed in the working group. The transform knows how many
bits it requires.  The transforms need to define how they are going to split
the keying material into disjoint parts. They may have to check for weak
keys etc.

--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)

Prev by Date: Re: A pothole in ISAKMP/Oakley
Next by Date: Re: A pothole in ISAKMP/Oakley
Previous by thread: Re: Slicing and Dicing in new-esp
Next by thread: IPComp presentation URL
Index(es):
- Date
- Thread